Usememos Memos vulnerabilities
73 known vulnerabilities affecting usememos/memos.
Total CVEs
73
CISA KEV
0
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL6HIGH16MEDIUM51
Vulnerabilities
Page 3 of 4
CVE-2022-4802P4MEDIUMCVSS 5.4fixed in 0.9.12022-12-28
CVE-2022-4802 [MEDIUM] CWE-639 CVE-2022-4802: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4806P4MEDIUMCVSS 5.3fixed in 0.9.12022-12-28
CVE-2022-4806 [MEDIUM] CWE-639 CVE-2022-4806: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4798P4MEDIUMCVSS 5.3fixed in 0.9.12022-12-28
CVE-2022-4798 [MEDIUM] CWE-639 CVE-2022-4798: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2023-0109P4MEDIUMCVSS 5.4v0.9.12024-11-15
CVE-2023-0109 [MEDIUM] CWE-79 CVE-2023-0109: A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. Th
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as
nvd
CVE-2022-4848P4MEDIUMCVSS 5.7fixed in 0.9.12022-12-29
CVE-2022-4848 [MEDIUM] CWE-940 CVE-2022-4848: Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2023-0106P4MEDIUMCVSS 5.4fixed in 0.10.02023-01-07
CVE-2023-0106 [MEDIUM] CWE-79 CVE-2023-0106: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0112P4MEDIUMCVSS 5.4fixed in 0.10.02023-01-07
CVE-2023-0112 [MEDIUM] CWE-79 CVE-2023-0112: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0108P4MEDIUMCVSS 5.4fixed in 0.10.02023-01-07
CVE-2023-0108 [MEDIUM] CWE-79 CVE-2023-0108: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0107P4MEDIUMCVSS 5.4fixed in 0.10.02023-01-07
CVE-2023-0107 [MEDIUM] CWE-79 CVE-2023-0107: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0110P4MEDIUMCVSS 5.4fixed in 0.10.02023-01-07
CVE-2023-0110 [MEDIUM] CWE-79 CVE-2023-0110: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0111P4MEDIUMCVSS 5.4fixed in 0.10.02023-01-07
CVE-2023-0111 [MEDIUM] CWE-79 CVE-2023-0111: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2022-4801P4MEDIUMCVSS 5.3fixed in 0.9.12022-12-28
CVE-2022-4801 [MEDIUM] CWE-1220 CVE-2022-4801: Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2025-65799P4MEDIUMCVSS 4.3v0.25.22025-12-08
CVE-2025-65799 [MEDIUM] CWE-73 CVE-2025-65799: A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 a
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
nvd
CVE-2022-4839P4MEDIUMCVSS 5.4fixed in 0.9.12022-12-29
CVE-2022-4839 [MEDIUM] CWE-79 CVE-2022-4839: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4609P4MEDIUMCVSS 5.4fixed in 0.9.02022-12-19
CVE-2022-4609 [MEDIUM] CWE-79 CVE-2022-4609: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
nvd
CVE-2022-4691P4MEDIUMCVSS 5.4fixed in 0.9.02022-12-27
CVE-2022-4691 [MEDIUM] CWE-79 CVE-2022-4691: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
nvd
CVE-2022-4840P4MEDIUMCVSS 5.4fixed in 0.9.12022-12-29
CVE-2022-4840 [MEDIUM] CWE-79 CVE-2022-4840: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4695P4MEDIUMCVSS 5.4fixed in 0.9.02022-12-27
CVE-2022-4695 [MEDIUM] CWE-79 CVE-2022-4695: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
nvd
CVE-2022-4841P4MEDIUMCVSS 5.4fixed in 0.9.12022-12-29
CVE-2022-4841 [MEDIUM] CWE-79 CVE-2022-4841: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4690P4MEDIUMCVSS 5.4fixed in 0.9.02022-12-23
CVE-2022-4690 [MEDIUM] CWE-79 CVE-2022-4690: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
nvd